Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
2.10 added random custom gallery token and the gallery won't show all the images, after clicking the "Load more" button.
On the page 2 galleries will be created: one for the images displayed by default and another gallery that contains images loaded with the "Load More" functionality.
Comment | File | Size | Author |
---|---|---|---|
#4 | colorbox_gallery_token_setting_2613200.patch | 1.57 KB | frjo |
Comments
Comment #2
frjo CreditAttribution: frjo commentedThe security team decided that this changes was needed from a security perspective. I would rather not have implemented it.
I plan to add an option to disable it, with some warnings to make the security team happy.
Comment #3
oana.hulpoi CreditAttribution: oana.hulpoi as a volunteer commentedJust that we need a solution for this kind of situations... when we add dynamic content to existing galleries and we want to keep the functionality. And not create 2 or more galleries every time new content is loaded.
Thanks for your quick answer :)
Comment #4
frjo CreditAttribution: frjo commentedPlease try out this patch. It adds a "Unique per-request gallery token" settings under "Advanced settings" section on the Colorbox configuration page.
Comment #5
frjo CreditAttribution: frjo commentedComment #7
oana.hulpoi CreditAttribution: oana.hulpoi as a volunteer commentedThank you! I tested the patch, it removes the token if "Off" and it works :)
What about the security implications? Do you think that, for some cases (like the one described above), we can re-use a token that already exists on page, maybe with javascript?
Comment #11
frjo CreditAttribution: frjo commentedCommitted to 7-dev now, thanks for testing!
There is only a security issue (of sort) if you have comments on the same page and allow users to use link and image tags there.